Not all those who wander are lost, but how did you end up here?

This page is a work in progress

On this page I will describe basic and advanced Ghidra configuration, tips&tricks, extensions worth recommending, Ghidra programming, and then I plan to cover some more advanced topics.

Oh by the way, check out my Ghidra open-source projects!

  • CtrlP - Ctrl+P plugin for Ghidra: quick search and command palette.
  • ghidralib - a Pythonic standard library for Ghidra.

Ghidra Configuration

  • Ghidra configuration 101 - how to improve your Ghidra experience. Things I believe everyone should do immediately after installation.
  • Ghidra keybindings - by default Ghidra is pretty mouse-driven. I explain the default keybindings (and share my recommended improvements) here.
  • My tweaks - a few more controversial changes that I apply. Check out for various weird ideas - maybe you’ll like some of them. I also describe how I personally use Ghidra.

Ghidra Techniques

TODO: move parts this to the RE section?

  • Using the Emulator - how to use the Ghidra emulator.
  • Using the Debugger - how to use the Ghidra debugger.
  • PCode - what is PCode and how to use it.
  • Debug Information - working with PDB files.
  • Flow and fallthrough overrides - manipulate control flow like a ninja.
  • Overlays - advanced memory maps.
  • Function IDs (FIDs) - managing function signatures.
  • Function Fixups - how to create and use function fixups.
  • CSpec - how to create and use Compiler Specification files.

Ghidra Scripting

  • Ghidra scripting 101 - introduction to Ghidra scripting.
  • Scripting with ghidralib - save your time with ghidralib.

Extending Ghidra

  • Ghidra extension development - how to create a Ghidra extension.
  • Custom Data Type definitions - Custom data type visualisations
  • Creating a Ghidra Loader - how to create a Ghidra loader.
  • SLEIGH
  • Creating a Ghidra CPU Module - how to create a Ghidra CPU module.
  • Pcode Injection

Ghidra decompiler

  • Decompiler basics - How to build, use and understand the Ghidra decompiler
  • RULECOMPILE - Undocumented Ghidra decompiler rule language.

My Open-Source Ghidra Projects

  • CtrlP - Ctrl+P plugin for Ghidra: quick search and command palette.
  • ghidralib - a Pythonic standard library for Ghidra.

Third Party Plugins and Extensions

  • Floss - for obfuscated strings
  • Cartographer - for code coverage
  • Goresym - add symbols to golang binaries
  • Dhrake - supports Delphi reverse-engineering